
权限管理2020-11-3


權限管理

  • chmod
  • chown
  • 遮罩碼
  • suid,sgid(特殊權限)
  • 文件系統訪問控制列表facl
  • sudo

chmod

修改某類用戶或某些類用戶權限:
u,g,o,a(用戶類別)

[root@localhost ~]# ll
total 0
drwxr-xr-x. 2 root root 6 Oct 27 00:51 abc
drwxr-xr-x. 2 root root 6 Oct 27 00:46 pyhptl
[root@localhost ~]# chmod u-w abc
[root@localhost ~]# chmod u-r pyhptl
[root@localhost ~]# ll
total 0
dr-xr-xr-x. 2 root root 6 Oct 27 00:51 abc
d-wxr-xr-x. 2 root root 6 Oct 27 00:46 pyhptl
[root@localhost ~]# chmod u+r pyhptl
[root@localhost ~]# chmod u+w abc
[root@localhost ~]# ll
total 0
drwxr-xr-x. 2 root root 6 Oct 27 00:51 abc
drwxr-xr-x. 2 root root 6 Oct 27 00:46 pyhptl
[root@localhost ~]# chmod g=w abc
[root@localhost ~]# chmod o=x pyhptl
[root@localhost ~]# ll
total 0
drwx-w-r-x. 2 root root 6 Oct 27 00:51 abc
drwxr-x--x. 2 root root 6 Oct 27 00:46 pyhptl
[root@localhost ~]#
[root@localhost ~]# chmod g-w abc
[root@localhost ~]# chmod o-x pyhptl
[root@localhost ~]# ll
total 0
drwx---r-x. 2 root root 6 Oct 27 00:51 abc
drwxr-x---. 2 root root 6 Oct 27 00:46 pyhptl
[root@localhost ~]# chmod g= pyhptl
[root@localhost ~]# ll
total 0
drwx---r-x. 2 root root 6 Oct 27 00:51 abc
drwx------. 2 root root 6 Oct 27 00:46 pyhptl
[root@localhost ~]# chmod 644 pyhptl
[root@localhost ~]# ll
total 0
drwx---r-x. 2 root root 6 Oct 27 00:51 abc
drw-r--r--. 2 root root 6 Oct 27 00:46 pyhptl

chown

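用chown更改文件屬主只有管理員(root)可以執行;普通用戶只能把自己文件的屬組改為自己所屬的組。下例中的「.root」「tom.tom」是以點號分隔的舊式寫法,建議改用冒號形式(如 chown :root、chown tom:tom),因為用戶名本身可能含有點號。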

[root@localhost ~]# chown tom pyhptl
[root@localhost ~]# ll
total 0
drwx---r-x. 2 root root 6 Oct 27 00:51 abc
drw-r--r--. 2 tom root 6 Oct 27 00:46 pyhptl
[root@localhost ~]# chown tom abc
[root@localhost ~]# ll
total 0
drwx---r-x. 2 tom root 6 Oct 27 00:51 abc
drw-r--r--. 2 tom root 6 Oct 27 00:46 pyhptl
[root@localhost ~]# chown .root pyhptl
[root@localhost ~]# chown .root abc
[root@localhost ~]# ll
total 0
drwx---r-x. 2 tom root 6 Oct 27 00:51 abc
drw-r--r--. 2 tom root 6 Oct 27 00:46 pyhptl
[root@localhost ~]# chown :tom abc
[root@localhost ~]# chown :tom pyhptl
[root@localhost ~]# ll
total 0
drwx---r-x. 2 tom tom 6 Oct 27 00:51 abc
drw-r--r--. 2 tom tom 6 Oct 27 00:46 pyhptl
[root@localhost ~]# chown tom.tom abc
[root@localhost ~]# chown root.root pyhptl
[root@localhost ~]# ll
total 0
drwx---r-x. 2 tom tom 6 Oct 27 00:51 abc
-rw-r--r--. 1 tom root 0 Oct 27 01:38 lscs
drw-r--r--. 2 root root 6 Oct 27 00:46 pyhptl

遮罩碼

文件最終的權限為:
666-umask
目錄最終的權限為:
777-umask
(注意:這裡的「減」實際上是按位屏蔽而不是算術減法,即 最終權限 = 基準權限 & ~umask。例如umask為033時,新建文件的權限是644而不是633。)

umask
[root@localhost ~]# umask 0022
[root@localhost ~]# umask 002
[root@localhost ~]# umask 0002
[root@localhost ~]# ll
total 0
drwx---r-x. 2 tom tom 6 Oct 27 00:51 abc
drw-r--r--. 2 root root 6 Oct 27 00:46 pyhptl
[root@localhost ~]# touch 123
[root@localhost ~]# mkdir 456
[root@localhost ~]# ll
total 0
-rw-rw-r--. 1 root root 0 Oct 27 03:11 123
drwxrwxr-x. 2 root root 6 Oct 27 03:11 456
drwx---r-x. 2 tom tom 6 Oct 27 00:51 abc
drw-r--r--. 2 root root 6 Oct 27 00:46 pyhptl

suid,sgid(特殊權限)

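linux默認權限是根據linux安全上下文的方式來控制的(進程以發起者的身份訪問文件),而特殊權限的存在打破了linux安全上下文的規則:帶suid的可執行文件運行時,進程以文件屬主而不是執行者的身份運行;sgid作用於目錄時,其中新建的文件繼承該目錄的屬組;sticky位(t)作用於目錄時,只有文件屬主、目錄屬主或root才能刪除其中的文件。ll輸出中大寫的S/T表示對應位置的執行權限(x)沒有設置。
下面對/usr/bin/vi設置suid僅作演示:屬主為root的編輯器帶上suid後,任何用戶都能以root身份讀寫系統文件,而下面的演示最後以 chmod 4755 結束,vi仍帶有suid,因此演示完成後應執行 chmod u-s /usr/bin/vi 還原。日常可用 find / -perm -4000 -type f 審計系統中帶suid的文件。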

suid
[root@localhost ~]# ll /usr/bin/vi
-rwxr-xr-x. 1 root root 1416744 Jul 23 2019 /usr/bin/vi
[root@localhost ~]# chmod u+s /usr/bin/vi
[root@localhost ~]# ll /usr/bin/vi
-rwsr-xr-x. 1 root root 1416744 Jul 23 2019 /usr/bin/vi
[root@localhost ~]# chmod u-x /usr/bin/vi
[root@localhost ~]# ll /usr/bin/vi
-rwSr-xr-x. 1 root root 1416744 Jul 23 2019 /usr/bin/vi
[root@localhost ~]# chmod u+x /usr/bin/vi
[root@localhost ~]# ll /usr/bin/vi
-rwsr-xr-x. 1 root root 1416744 Jul 23 2019 /usr/bin/vi
[root@localhost ~]# chmod u-s /usr/bin/vi
[root@localhost ~]# ll /usr/bin/vi
-rwxr-xr-x. 1 root root 1416744 Jul 23 2019 /usr/bin/vi
[root@localhost ~]# chmod 4755 /usr/bin/vi
[root@localhost ~]# ll /usr/bin/vi
-rwsr-xr-x. 1 root root 1416744 Jul 23 2019 /usr/bin/vi

sgid
[root@localhost ~]# chmod g+s 456
[root@localhost ~]# ll
total 0
-rw-rw-r--. 1 root root 0 Oct 27 03:11 123
drwxrwsr-x. 2 root root 6 Oct 27 03:11 456
drwx---r-x. 2 tom tom 6 Oct 27 00:51 abc
drw-r--r--. 2 root root 6 Oct 27 00:46 pyhptl
[root@localhost ~]# chmod g-s 456
[root@localhost ~]# ll
total 0
-rw-rw-r--. 1 root root 0 Oct 27 03:11 123
drwxrwxr-x. 2 root root 6 Oct 27 03:11 456
drwx---r-x. 2 tom tom 6 Oct 27 00:51 abc
drw-r--r--. 2 root root 6 Oct 27 00:46 pyhptl
[root@localhost ~]# chmod 2755 456
[root@localhost ~]# ll
total 0
-rw-rw-r--. 1 root root 0 Oct 27 03:11 123
drwxr-sr-x. 2 root root 6 Oct 27 03:11 456
drwx---r-x. 2 tom tom 6 Oct 27 00:51 abc
drw-r--r--. 2 root root 6 Oct 27 00:46 pyhptl
[root@localhost ~]# chmod g-x 456
[root@localhost ~]# ll
total 0
-rw-rw-r--. 1 root root 0 Oct 27 03:11 123
drwxr-Sr-x. 2 root root 6 Oct 27 03:11 456
drwx---r-x. 2 tom tom 6 Oct 27 00:51 abc
drw-r--r--. 2 root root 6 Oct 27 00:46 pyhptl
[root@localhost ~]# chmod g+x 456
[root@localhost ~]# ll
total 0
-rw-rw-r--. 1 root root 0 Oct 27 03:11 123
drwxr-sr-x. 2 root root 6 Oct 27 03:11 456
drwx---r-x. 2 tom tom 6 Oct 27 00:51 abc
drw-r--r--. 2 root root 6 Oct 27 00:46 pyhptl
[root@localhost ~]# chmod 777 456
[root@localhost ~]# ll
total 0
-rw-rw-r--. 1 root root 0 Oct 27 03:11 123
drwxrwsrwx. 2 root root 6 Oct 27 03:11 456
drwx---r-x. 2 tom tom 6 Oct 27 00:51 abc
drw-r--r--. 2 root root 6 Oct 27 00:46 pyhptl
[root@localhost ~]# chmod o+t 456
[root@localhost ~]# ll
total 0
-rw-rw-r--. 1 root root 0 Oct 27 03:11 123
drwxrwsrwt. 2 root root 6 Oct 27 03:11 456
drwx---r-x. 2 tom tom 6 Oct 27 00:51 abc
drw-r--r--. 2 root root 6 Oct 27 00:46 pyhptl
[root@localhost ~]# chmod o-x 456
[root@localhost ~]# ll
total 0
-rw-rw-r--. 1 root root 0 Oct 27 03:11 123
drwxrwsrwT. 2 root root 6 Oct 27 03:11 456
drwx---r-x. 2 tom tom 6 Oct 27 00:51 abc
drw-r--r--. 2 root root 6 Oct 27 00:46 pyhptl
[root@localhost ~]# chmod o+x 456
[root@localhost ~]# ll
total 0
-rw-rw-r--. 1 root root 0 Oct 27 03:11 123
drwxrwsrwt. 2 root root 6 Oct 27 03:11 456
drwx---r-x. 2 tom tom 6 Oct 27 00:51 abc
drw-r--r--. 2 root root 6 Oct 27 00:46 pyhptl
[root@localhost ~]# chmod o-t 123
[root@localhost ~]# ll
total 4
drwxr-xr-x. 2 root root 6 Oct 30 19:00 123
drwxr-xr-x. 2 root root 6 Oct 30 19:00 456
[root@localhost ~]# chmod 1777 123
[root@localhost ~]# ll
total 4
drwxrwxrwt. 2 root root 6 Oct 30 19:00 123
drwxr-xr-x. 2 root root 6 Oct 30 19:00 456
[root@localhost ~]# chmod 0777 123
[root@localhost ~]# ll
total 4
drwxrwxrwx. 2 root root 6 Oct 30 19:00 123
drwxr-xr-x. 2 root root 6 Oct 30 19:00 456

文件系統訪問控制列表facl

利用文件的擴展屬性保存額外的訪問控制權限,可以在屬主、屬組、其他人之外,為指定的用戶或組單獨授權。

[root@localhost ~]# setfacl -m u:tom:rw 456
[root@localhost ~]# getfacl 456
# file: 456
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
[root@localhost ~]# ll
total 4
drwxrwxrwx. 2 root root 6 Oct 30 19:00 123
drwxr-xr-x. 2 root root 6 Oct 30 19:00 456
[root@localhost ~]# setfacl -m g:lscs:6 456
[root@localhost ~]# getfacl 456
# file: 456
# owner: root
# group: root
user::rwx
group::r-x
group:lscs:rw-
mask::rwx
other::r-x
[root@localhost ~]# getfacl 123
# file: 123
# owner: root
# group: root
user::rwx
group::rwx
group:lscs:rw-
mask::rwx
other::rwx
[root@localhost ~]# setfacl -x u:pyhptl 456
[root@localhost ~]# getfacl 456
# file: 456
# owner: root
# group: root
user::rwx
group::r-x
group:lscs:rw-
mask::rwx
other::r-x
[root@localhost ~]# setfacl -b 456
[root@localhost ~]# getfacl 456
# file: 456
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
[lscs@localhost root]$ which useradd
/usr/sbin/useradd
[lscs@localhost root]$ /usr/sbin/useradd
[lscs@localhost root]$ /usr/sbin/useradd qn02
useradd: Permission denied.
useradd: cannot lock /etc/passwd; try again later.
[lscs@localhost root]$ sudo /usr/sbin/useradd qn02
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
lscs is not in the sudoers file. This incident will be reported
[lscs@localhost root]$id qn02
id:'qn02':no_such user

sudo

sudo的配置文件:/etc/sudoers
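使用visudo命令進行sudo的配置(visudo會鎖定文件並在保存前檢查語法,避免寫錯的配置導致sudo無法使用),每一行就是一個sudo條目,條目格式如下:
who which_hosts=(runas) command
who:User_Alias,表示運行命令者的身份
which_hosts:Host_Alias,通過哪些主機
runas:Runas_Alias,以哪個用戶的身份
command:Cmnd_Alias,運行哪些命令(命令須寫絕對路徑,並只授予實際需要的命令)
例如(構造的示例):lscs ALL=(root) /usr/sbin/useradd 表示允許lscs在任意主機上以root身份運行/usr/sbin/useradd。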
